<?php mb_internal_encoding("UTF-8"); ?>
<?php include('db.inc'); ?>
<?php 
session_start();
if ((!isset($_POST['name']) || trim($_POST['name']) == "") 
    || (!isset($_POST['email']) || trim($_POST['email']) == "")
    || (!isset($_POST['comment']) || trim($_POST['comment']) == "")) {
    
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['comment'] = $_POST['comment'];
    
    header ("location: polozka.php?id=".$_POST['id']."&error=validation");

}
else if (!check_email_address($_POST['email']))
{
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['comment'] = $_POST['comment'];
    
    header ("location: polozka.php?id=".$_POST['id']."&error=validation_email");
}
else {

   if( $_SESSION['security_code'] == $_POST['security_code'] && isset($_SESSION['security_code'] ) ) {
		
    $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");  
    mysql_select_db($db) or die ("Unable to select database!");
    mysql_query("SET NAMES 'utf8'");
    $name = substr(addslashes($_POST['name']), 0, 45);
    $email = substr(addslashes($_POST['email']), 0, 100);
    $body = substr(addslashes($_POST['comment']), 0, 2000);
    $query = "insert into comments (food_id, name, email, body) values (".$_POST['id'].", '".$name."', '".$email."', '".$body."')";
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
    mysql_close($connection);  
		unset($_SESSION['security_code']);
		header ("location: polozka.php?id=".$_POST['id']);
		
   } else {
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['email'] = $_POST['email'];
    $_SESSION['comment'] = $_POST['comment'];
		header ("location: polozka.php?id=".$_POST['id']."&error=captcha");
   }
}


function check_email_address($email) {
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
         if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }    
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
                return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}
?>